Total
16311 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-24142 | 1 Rems | 1 School Task Manager | 2025-05-09 | N/A | 9.8 CRITICAL |
| Sourcecodester School Task Manager 1.0 allows SQL Injection via the 'subject' parameter. | |||||
| CVE-2022-3302 | 1 Cleantalk | 1 Spam Protection\, Antispam\, Firewall | 2025-05-09 | N/A | 7.2 HIGH |
| The Spam protection, AntiSpam, FireWall by CleanTalk WordPress plugin before 5.185.1 does not validate ids before using them in a SQL statement, which could lead to SQL injection exploitable by high privilege users such as admin | |||||
| CVE-2022-3300 | 1 10web | 1 Form Maker | 2025-05-09 | N/A | 7.2 HIGH |
| The Form Maker by 10Web WordPress plugin before 1.15.6 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin | |||||
| CVE-2022-43023 | 1 Opencats | 1 Opencats | 2025-05-09 | N/A | 6.5 MEDIUM |
| OpenCATS v0.9.6 was discovered to contain a SQL injection vulnerability via the importID parameter in the Import viewerrors function. | |||||
| CVE-2022-43022 | 1 Opencats | 1 Opencats | 2025-05-09 | N/A | 6.5 MEDIUM |
| OpenCATS v0.9.6 was discovered to contain a SQL injection vulnerability via the tag_id variable in the Tag deletion function. | |||||
| CVE-2022-43021 | 1 Opencats | 1 Opencats | 2025-05-09 | N/A | 6.5 MEDIUM |
| OpenCATS v0.9.6 was discovered to contain a SQL injection vulnerability via the entriesPerPage variable. | |||||
| CVE-2024-39841 | 1 Centreon | 1 Centreon Web | 2025-05-09 | N/A | 8.8 HIGH |
| A SQL Injection vulnerability exists in the service configuration functionality in Centreon Web 24.04.x before 24.04.3, 23.10.x before 23.10.13, 23.04.x before 23.04.19, and 22.10.x before 22.10.23. | |||||
| CVE-2024-33854 | 1 Centreon | 1 Centreon Web | 2025-05-09 | N/A | 9.1 CRITICAL |
| A SQL Injection vulnerability exists in the Graph Template component in Centreon Web 24.04.x before 24.04.3, 23.10.x before 23.10.13, 23.04.x before 23.04.19, and 22.10.x before 22.10.23. | |||||
| CVE-2024-33853 | 1 Centreon | 1 Centreon Web | 2025-05-09 | N/A | 9.1 CRITICAL |
| A SQL Injection vulnerability exists in the Timeperiod component in Centreon Web 24.04.x before 24.04.3, 23.10.x before 23.10.13, 23.04.x before 23.04.19, and 22.10.x before 22.10.23. | |||||
| CVE-2024-33852 | 1 Centreon | 1 Centreon Web | 2025-05-09 | N/A | 9.1 CRITICAL |
| A SQL Injection vulnerability exists in the Downtime component in Centreon Web 24.04.x before 24.04.3, 23.10.x before 23.10.13, 23.04.x before 23.04.19, and 22.10.x before 22.10.23. | |||||
| CVE-2024-32501 | 1 Centreon | 1 Centreon Web | 2025-05-09 | N/A | 9.8 CRITICAL |
| A SQL Injection vulnerability exists in the updateServiceHost functionality in Centreon Web 24.04.x before 24.04.3, 23.10.x before 23.10.13, 23.04.x before 23.04.19, and 22.10.x before 22.10.23. | |||||
| CVE-2025-4073 | 1 Phpgurukul | 1 Student Record System | 2025-05-09 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was found in PHPGurukul Student Record System 3.20. It has been classified as critical. Affected is an unknown function of the file /change-password.php. The manipulation of the argument currentpassword leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-4072 | 1 Phpgurukul | 1 Online Nurse Hiring System | 2025-05-09 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was found in PHPGurukul Online Nurse Hiring System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/edit-nurse.php. The manipulation leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Multiple parameters might be affected. | |||||
| CVE-2025-4071 | 1 Phpgurukul | 1 Covid19 Testing Management System | 2025-05-09 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability has been found in PHPGurukul COVID19 Testing Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /test-details.php. The manipulation of the argument Status leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-4070 | 1 Phpgurukul | 1 Rail Pass Management System | 2025-05-09 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability, which was classified as critical, was found in PHPGurukul Rail Pass Management System 1.0. This affects an unknown part of the file /admin/changeimage.php. The manipulation of the argument editid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-4074 | 1 Phpgurukul | 1 Curfew E-pass Management System | 2025-05-09 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was found in PHPGurukul Curfew e-Pass Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/pass-bwdates-report.php. The manipulation of the argument fromdate/todate leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-45020 | 1 Phpgurukul | 1 Park Ticketing Management System | 2025-05-09 | N/A | 7.2 HIGH |
| A SQL Injection vulnerability was discovered in the normal-bwdates-reports-details.php file of PHPGurukul Park Ticketing Management System v2.0. This vulnerability allows remote attackers to execute arbitrary SQL code via the todate parameter in a POST request. | |||||
| CVE-2025-45017 | 1 Phpgurukul | 1 Park Ticketing Management System | 2025-05-09 | N/A | 9.8 CRITICAL |
| A SQL injection vulnerability was discovered in edit-ticket.php of PHPGurukul Park Ticketing Management System v2.0. This vulnerability allows remote attackers to execute arbitrary code via the tprice POST request parameter. | |||||
| CVE-2025-45018 | 1 Phpgurukul | 1 Park Ticketing Management System | 2025-05-09 | N/A | 9.8 CRITICAL |
| A SQL Injection vulnerability was discovered in the foreigner-bwdates-reports-details.php file of PHPGurukul Park Ticketing Management System v2.0. This vulnerability allows remote attackers to execute arbitrary SQL code via the todate parameter. | |||||
| CVE-2025-45019 | 1 Phpgurukul | 1 Park Ticketing Management System | 2025-05-09 | N/A | 5.4 MEDIUM |
| A SQL injection vulnerability was discovered in /add-foreigners-ticket.php file of PHPGurukul Park Ticketing Management System v2.0. This vulnerability allows remote attackers to execute arbitrary code via the cprice POST request parameter. | |||||